Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Token from DefaultAzureCredential expires/limited based on app config

See original GitHub issue
  • Package Name: @azure/identity
  • Package Version: 2.0.4
  • Operating system: Windows 10
  • nodejs
    • version: 16.13.0
  • browser
    • name/version:
  • typescript
    • version:
  • Is the bug related to documentation in

Describe the bug A clear and concise description of what the bug is.

When using the DefaultAzureCredential, if I create a new instance upon server startup, then occasionally requests error out because the token has expired. Subsequent requests work, I assume because the token gets refreshed afterwards, but even one failed request is unacceptable for my scenario.

To try to work around this issue, I moved the DefaultAzureCredential instance creation to the routes, which works locally (short-running server), but then throws this error when server has been running for long time (>1 day for sure, but could start sooner):

{
    "code": "ELOGIN",
    "originalError": { "code": "ELOGIN" },
    "name": "ConnectionError"
}

To Reproduce Steps to reproduce the behavior:

  1. Start Nodejs app with DefaultAzureCredential created at startup
  2. Ping route that tests connection and receive 200
  3. Wait >24hrs
  4. Ping same route and receive 500

Expected behavior A clear and concise description of what you expected to happen.

When creating new DefaultAzureCredential instance on server startup, expected token to automatically refresh during authentication process with Azure resource. When creating new DefaultAzureCredential instance on each request, expected no limit on token creation (suspected issue).

Screenshots If applicable, add screenshots to help explain your problem.

Additional context Add any other context about the problem here.

Here’s an example of an MVP of my Nodejs app:

const express = require('express');
const { DefaultAzureCredential } = require('@azure/identity');
const sql = require('mssql');
const app = express();
app.use(express.json());
app.use(express.urlencoded({ extended: true }));

const configureSQL = async credential => {
  const { token } = await credential.getToken(
    'https://database.windows.net/.default'
  );

  const config = {
    authentication: {
      type: 'azure-active-directory-access-token',
      options: {
        token: token
      }
    },
    server: process.env.DB_SERVER,
    database: process.env.DB_NAME,
    options: {
      encrypt: true,
      enableArithAbort: true
    },
    pool: {
      max: 10,
      min: 0,
      idleTimeoutMillis: 30000
    }
  };

  return config;
};

app.get('/', (req, res) => {
  const credential = new DefaultAzureCredential();
  const config = await configureSQL(credential);
  const pool = await sql.connect(config);
  const result = await pool.query('SELECT * FROM TestTable');
  res.send(result.recordset);
})

app.listen(7000, () => {
  console.log('Server started on port 7000');
});

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:14 (7 by maintainers)

github_iconTop GitHub Comments

1reaction
KarishmaGhiyacommented, May 19, 2022

That’s great!! Thanks @nihonjinboy85

0reactions
richardcarrigancommented, May 19, 2022

Hi @KarishmaGhiya ,

Great news! I’ve turned on the verbose logging as discussed and waited 24 hours for the server startup token to expire. In reviewing the logs, it looks like the new token is successfully being created. What I think is actually happening is that the mssql NPM package is not establishing a new connection to my SQL DB using the new token, but rather responding with the existing connection pool in order to prevent my app from creating multiple connection pools and eventually overloading the SQL server. I’ve confirmed this in logs, so I’ll go ahead and close this issue and instead take it up with the mssql team.

Thank you so much for all of you help!

Read more comments on GitHub >

github_iconTop Results From Across the Web

DefaultAzureCredential Class (Azure.Identity) - Microsoft Learn
Provides a default TokenCredential authentication flow for applications that will be deployed to Azure. The following credential types if enabled will be ...
Read more >
DefaultAzureCredential: Unifying How We Get Azure AD Token
The DefaultAzureCredential gets the token based on the environment the application is running. The following credential types if enabled ...
Read more >
Azure Identity 201 - DefaultAzureCredential Options
We wanted to make it brain-dead simple for you to authenticate your apps with Azure. Auth can be very hard to get right....
Read more >
Token from DefaultAzureCredential expires/limited based on ...
Token from DefaultAzureCredential expires/limited based on app config #21787. Package Name: @azure/identity; Package Version: 2.0.4; Operating system: ...
Read more >
DefaultAzureCredential | @azure/app-configuration - NET
Provides a default ChainedTokenCredential configuration for applications that will be deployed to Azure. The following credential types will be tried, in order:.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[KeyVault] Keyvault access is broken in newer version on Managed Identity

Next page

@azure/core-tracing@1.0.1: Type alias 'Resolved' circularly references itself.